搜尋

370 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.9CVE-2026-34768EPSS 0.01%Electron: Unquoted executable path in app.setLoginItemSettings on Windows2026/4/3
LOW3.3CVE-2026-34766EPSS 0.01%Electron: USB device selection not validated against filtered device list2026/4/3
LOW3.7CVE-2026-35648EPSS 0.03%OpenClaw may have stale policy enforcement for queued node actions2026/3/26
LOW3.1CVE-2026-4874EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation2026/3/26
LOW3.7CVE-2026-4633EPSS 0.02%Keycloak's identity-first login flow exposes user information2026/3/23
LOW3.7CVE-2026-33490EPSS 0.02%h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes2026/3/20
LOW2.6CVE-2026-22735EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption2026/3/20
LOW2.7CVE-2026-32638EPSS 0.03%StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens2026/3/16
LOW2.5CVE-2026-32970EPSS 0.02%OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode2026/3/13
LOW3.1CVE-2026-2366EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API2026/3/12
LOW2.7CVE-2026-3911EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint2026/3/11
LOW3.7CVE-2025-11143EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs2026/3/5
LOW2.0CVE-2026-29184EPSS 0.01%@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass2026/3/5
LOW2.7CVE-2026-29185EPSS 0.01%Backstage vulnerable to potential reading of SCM URLs using built in token2026/3/5
LOW3.7CVE-2026-32067EPSS 0.04%OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access2026/3/4
LOW3.4CVE-2025-68467EPSS 0.02%Dark Reader gives users the ability to request style sheets from local web servers2026/3/4
LOW3.7CVE-2026-32028EPSS 0.04%OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups2026/3/3
LOW3.3CVE-2026-3449EPSS 0.02%@tootallnate/once vulnerable to Incorrect Control Flow Scoping2026/3/3
LOW2.6CVE-2026-32058EPSS 0.04%OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows2026/3/2
LOW3.3CVE-2026-32020EPSS 0.02%OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read2026/3/2
LOW3.7CVE-2026-31991EPSS 0.04%OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage2026/3/2
LOW3.1CVE-2025-12150EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2026/2/27
LOW3.3CVE-2026-3293EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2026/2/27
LOW3.6CVE-2026-31996EPSS 0.02%OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags2026/2/19
LOW3.8CVE-2026-2733EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2026/2/19